CIA Triad
Definition
The CIA Triad (Confidentiality, Integrity, and Availability) is a foundational security model that defines three goals for protecting information and systems.
Examples
- A healthcare platform encrypts patient records, logs all changes, and runs in a redundant cloud region so data stays private, accurate, and accessible.
- An online retailer restricts employee access to orders, signs software updates to prevent tampering, and uses load balancing to handle traffic spikes.
Overview
The CIA Triad is the lens through which security controls and risks are evaluated.
Confidentiality limits access to sensitive information; Integrity ensures data remains accurate and trustworthy; Availability keeps services and data reachable when needed. Almost every policy, tool, and process in cybersecurity maps to one or more of these goals.
<div class="callout danger">
<strong>Remember:</strong> The triad is a framework for trade-offs—improving one pillar
can sometimes pressure the others (e.g., tighter confidentiality controls may reduce availability).
</div>
A useful way to apply the triad is to ask, for any system or process: what must be kept secret, what must remain correct, and when must it be available? The answers guide control selection, investment, and incident response priorities.